CVE-2020-5290
CVE-2020-5290 affects RedpwnCTF prior to v2.3, exposing a session-fixation flaw exploitable via the #token=$ssid hash in requests to /verify. An attacker could leverage a stored XSS payload to automatically sign victims into the attacker’s account, enabling manipulation of challenge outcomes and ...